SSL certificates have become essential for websites due to Google’s declaration of secure HTTPS connections as a ranking factor. Additionally, Google’s plan to label non-HTTPS pages as insecure has heightened the importance of SSL certificates. This increased demand has prompted SSL providers to reevaluate certificate pricing, aiming to make them more accessible.
Concurrently, a non-profit organization emerged, aiming to offer free HTTPS encryption solutions. We have embraced their approach on our platform as well. To find out more about the Let’s Encrypt initiative and how their SSL certificates compare to traditional ones, read our latest blog post.
What does Let’s Encrypt entail?
Let’s Encrypt, introduced in 2016, is a free and open certificate authority (CA) that offers digital certificates to website owners for enabling HTTPS (SSL/TLS) encryption.
Initiated by the Internet Security Research Group (ISRG), Let’s Encrypt is supported by the Mozilla Foundation, the Electronic Frontier Foundation (EFF), and Cisco Systems. Its primary objective is to make HTTPS encryption affordable and user-friendly, with a focus on enhancing web security and privacy.
Key features of Let’s Encrypt certificates include:
- Free Usage: Domain owners can obtain trusted certificates without any charges.
- Automated Setup and Renewal: The certificate processes are fully automated, eliminating the need for manual intervention.
- User-Friendly: No payments or validation emails are required, making it simple to use.
- Security: Let’s Encrypt promotes the implementation of the latest security practices.
- Transparency: Issued certificates are publicly accessible for transparency.
- Open Standard: The issuance and renewal protocol is openly published and adaptable.
- Community-Driven: Let’s Encrypt is a collaborative effort, independent of any single organization’s control.
The Concept and Background of the Let’s Encrypt Initiative
In 2016, the Let’s Encrypt initiative was introduced. Within its initial month, over 200,000 certificates were issued, and within a year, this number surged by a hundredfold.
Presently, Let’s Encrypt supports more than 20 million active certificates, which highlights its remarkable growth.
This remarkable expansion has been propelled by the collaborative efforts of the Internet Security Research Group, the entity behind Let’s Encrypt. Despite comprising just 9 full-time members, this organization has effectively advocated for a more secure web.
The outcomes are impressive – as indicated by data from Mozilla’s Firefox Telemetry, the last year witnessed a 10% surge in HTTPS page loads, escalating from 39% in 2016 to 49% in 2017. Essentially, half of the web now utilizes encryption, enhancing overall safety.
Today, Let’s Encrypt is trusted and endorsed by major entities like Google, Apple, and Mozilla.
How does the Authentication Process Operate?
In the process of issuing an SSL certificate, a formal request is usually submitted to a reputable certificate signing authority. This often involves paperwork and justifies the fees associated with traditional SSL certificates.
To eliminate the need for certification fees, the creators of Let’s Encrypt focused on minimizing human intervention. They devised a solution – a certificate management agent that operates on an HTTPS server and automatically acquires certificates recognized by web browsers from Let’s Encrypt.
Let’s Encrypt employs the ACME (Automatic Certificate Management Environment) protocol to validate domain ownership and issue certificates.
Before commencing the domain verification process, the agent generates a new set of public and private keys for interaction with Let’s Encrypt.
The agent’s objective is to demonstrate control over the domain on behalf of the server it represents.
This validation of domain control can be achieved through two main methods. For instance, the certificate authority (CA) may require the agent to either:
- Establish a DNS record (this approach is utilized on our platform);
- Provision an HTTP resource.
Subsequently, the agent needs to verify its control over the key pair by signing a nonce provided by the CA.
Once prepared, the agent notifies the CA, which then evaluates if all criteria have been met.
If everything unfolds successfully, the agent gains authorization to oversee certificate management for the specific domain.
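The two validation methods described above can be made concrete with the values an agent has to publish. The following is an added example, not code from Let’s Encrypt or from this platform; it follows the published ACME specification (RFC 8555) and the JWK thumbprint rules (RFC 7638), and the account key, token and domain are constructed placeholders.

```python
import base64
import hashlib
import json

# Members that enter the thumbprint, per key type (RFC 7638); others are ignored.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data):
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """SHA-256 thumbprint of the agent's public account key."""
    members = _REQUIRED[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token, jwk):
    """Binds the CA's challenge token to the agent's key pair."""
    return token + "." + jwk_thumbprint(jwk)

def http01_resource(token, jwk):
    """Path and body of the HTTP resource the agent must provision."""
    return "/.well-known/acme-challenge/" + token, key_authorization(token, jwk)

def dns01_record(domain, token, jwk):
    """Name and value of the TXT record the agent must establish."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return "_acme-challenge." + domain.rstrip("."), b64url(digest)

# Constructed sample values (assumptions): not a real key, token or domain.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
TOKEN = "constructed-challenge-token-0001"

if __name__ == "__main__":
    print(dns01_record("example.com", TOKEN, ACCOUNT_JWK))
    print(http01_resource(TOKEN, ACCOUNT_JWK))
```

Because both values are derived from the account key’s thumbprint, a party that can edit the DNS zone or the web root but does not hold the agent’s key pair cannot produce a response the CA will accept for that account.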
How are Let’s Encrypt Certificates Granted?
Once granted permission, the agent can conveniently initiate requests, renewals, and revocations of certificates.
This is accomplished by sending certificate management messages and validating them with the authorized key pair.
To secure a certificate, the agent prepares a CSR (Certificate Signing Request), which formally requests the Let’s Encrypt CA to issue a certificate for the designated domain, along with the specified public key.
Subsequently, the agent authenticates the CSR using the authorized key and forwards it to the Let’s Encrypt CA.
If all prerequisites are met, the CA will release a certificate containing the public key from the CSR, returning it to the agent.
What Sets Let’s Encrypt SSL Certificates Apart from Regular SSLs?
Given the opportunity to obtain SSL certificates for your websites through Let’s Encrypt at no cost, you might question the rationale behind choosing a regular SSL certificate.
Similar to conventional SSL certificates, Let’s Encrypt certificates ensure fundamental SSL encryption. This implies that site visitors can trust they are engaging with the domain displayed in the address bar, safeguarding their confidential data from interception. Furthermore, Let’s Encrypt certificates are endorsed by major browsers.
When a site utilizes Let’s Encrypt SSL, the URL’s beginning is indicated with “https://” in the browser’s address bar, accompanied by a green padlock icon. Hence, Let’s Encrypt certificates deliver secure communication that most site visitors will find reassuring.
However, as a business entity, you might seek a certain level of security assurance against potential online abuses. This is where commercial SSLs come into play.
Continue reading below to comprehend the distinctions between a Let’s Encrypt certificate and a conventional SSL:
- Warranty: Unlike regular SSLs, Let’s Encrypt certificates lack a warranty against misuse or mis-issuance. For smaller websites, this might not be problematic, but larger organizations could view it differently.
- Wildcard Certificates: Let’s Encrypt does not provide wildcard or multi-domain certificates, in contrast to traditional Certificate Authorities (CAs) that typically offer such options.
- Validity Period: Let’s Encrypt certificates hold a validity of only 90 days, necessitating renewal before expiration. Many regular SSL certificates remain valid for a minimum of one year, with site owners even opting for longer periods. On our platform, Let’s Encrypt certificates undergo automatic renewal, relieving you of any concerns.
- Support: Let’s Encrypt does not offer assistance with generating or installing SSL certificates, solely relying on community aid. For organizations needing swift SSL deployment, this could be a concern. Nonetheless, this can be mitigated through the quick re-generation and re-installation of any problematic Let’s Encrypt SSL.
Choosing Between Let’s Encrypt and Commercial SSLs – Making the Final Call
Both Let’s Encrypt and commercial SSL certificates effectively carry out the encryption task essential to safeguard your websites from unauthorized access and interception.
Hence, your decision will hinge entirely on the nature of your website, as it dictates your specific security requisites.
If your website is non-commercial, such as a blog, photo gallery, or any simple site requiring a straightforward and free SSL certificate that is conveniently obtainable with minimal effort, then Let’s Encrypt is the preferred choice.
On the other hand, if you manage an online store or an enterprise-level website, opting for a paid SSL certificate from a well-established Certificate Authority (CA) equipped with a warranty is essential.
With Google’s recent commitment to enhancing search rankings for HTTPS sites and the resulting surge in authorized SSL resellers, the costs of commercial SSLs have been consistently declining.
Today, proprietors of e-commerce websites can acquire a reasonably priced commercial SSL certificate from a reputable provider.
We have already reduced the prices for both regular and wildcard certificates, striving to ensure that you and your clientele benefit from top-tier security coverage across the web.
How to Activate a Let’s Encrypt SSL Certificate for Your Site
You and your clients can effortlessly request a Let’s Encrypt certificate for your websites through a simple process within the Hosted Domains section of the Web Hosting Control Panel.
Follow these steps:
- Access the Hosted Domains section and locate the domain you want to secure.
- In the Actions column, click on the Edit Host icon.
- Within the SSL Certificates drop-down menu, find the ‘Request Let`s Encrypt SSL’ option positioned at the bottom of the list of SSL choices.
- Once you choose the Let’s Encrypt option, proceed by clicking the Edit Host button, and wait for a few seconds as the certificate gets generated.
- Please ensure that you have selected a shared SSL IP address or a dedicated IP address (if available) from the IP Address drop-down menu.
Congratulations! The Let’s Encrypt certificate has been successfully installed for the designated domain.
Subsequently, the SSL table for your domain will proudly display the Let’s Encrypt icon.
Furthermore, the browser’s address bar will showcase a green padlock icon, signifying a secure connection.
Rest assured that all web browsers will now identify your or your client’s website as secure.
Please note that the Let’s Encrypt certificate generation process requires domain and DNS validation. As a result, valid NS records are necessary for successful validation. Consequently, if the ‘Do Not Manage DNS’ option is enabled for a specific domain, the Let’s Encrypt feature will remain inaccessible.
Ensuring Proper Installation of Let’s Encrypt Certificate
Here’s how to ensure the correct setup:
- Employ online tools like SSL Labs to comprehensively analyze the SSL web server configuration.
- Test various pages on your website to confirm the presence of a green padlock beside the URL, indicating proper HTTPS implementation.
With HTTPS in place, the next step is to redirect all HTTP URLs to their HTTPS equivalents. This can be achieved by adding specific code lines to your .htaccess file. This action will signal search engines to recognize only the HTTPS URLs.
To verify the effectiveness of the HTTP to HTTPS redirection:
- Enter your-domain.com in the Google search bar.
- Confirm that all indexed links have successfully redirected and are now adopting the HTTPS protocol.
Keep in mind that some time may elapse before Googlebot registers the redirection. Additionally, you must submit an updated sitemap for your site. Due to the distinction between HTTP and HTTPS versions in the Search Console, you need to add a new HTTPS property and then resubmit the sitemap.
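The redirection can also be checked directly against the server’s responses, without waiting for the search index to update. The following is an added example, not part of the platform’s tooling; the function names and the sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

PERMANENT = {301, 308}  # status codes that mark a permanent redirect

def check_redirect(http_url, status, location):
    """Return the problems found in one response to an http:// URL ([] = OK)."""
    if status not in range(300, 400) or not location:
        return ["no redirect (status %d)" % status]
    problems = []
    if status not in PERMANENT:
        problems.append("status %d is temporary; use 301 or 308" % status)
    src, dst = urlsplit(http_url), urlsplit(location)
    if dst.scheme != "https":
        problems.append("Location is not an https:// URL")
    if (dst.hostname or "").lower() != (src.hostname or "").lower():
        problems.append("redirect changes the host name (check it is intended)")
    if (dst.path or "/") != (src.path or "/") or dst.query != src.query:
        problems.append("path or query string is not preserved")
    return problems

def fetch(http_url):
    """One GET without following redirects (needs network; unused by the samples)."""
    u = urlsplit(http_url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=10)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample responses: (requested URL, status, Location header).
SAMPLES = [
    ("http://example.com/shop?id=7", 301, "https://example.com/shop?id=7"),
    ("http://example.com/shop?id=7", 302, "https://example.com/shop?id=7"),
    ("http://example.com/shop?id=7", 301, "https://example.com/"),
    ("http://example.com/", 200, None),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, status, check_redirect(url, status, location) or "OK")
```

To test a live site, pass the result of `fetch(url)` to `check_redirect` for a handful of deep links as well as the home page, since a rule that only redirects the root is a common misconfiguration.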
Should you encounter mixed HTTP/HTTPS content warnings, tools like the SSL Insecure Content Fixer can be used to address these issues.
Let’s Encrypt, a groundbreaking collaborative endeavor, has made significant strides in enhancing online security. Although global adoption of SSL is still in progress, Let’s Encrypt has significantly contributed to creating a more secure digital environment.
Stay tuned for more details on the recently enabled Let’s Encrypt certificates!